Differences between version 2 and predecessor to the previous major change of rsh(1).
Newer page: version 2, last edited on Monday, June 3, 2002 11:56:02 pm by perry
Older page: version 1, last edited on Monday, June 3, 2002 11:56:02 pm by perry
@@ -115,9 +115,9 @@
When a user connects using the protocol version 2 different
authentication methods are available. Using the default
-values for PreferredAuthentications, the client will try to
+values for !
PreferredAuthentications, the client will try to
authenticate first using the hostbased method; if this
method fails public key authentication is attempted, and
finally if this method fails keyboard-interactive and pass-
word authentication are tried.
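Review bot: the replacement line `+values for !` ends in a bare `!`, and `PreferredAuthentications, the client will try to` follows on a line with no `+` marker, so as shown the keyword has been pushed off the changed line. The `!` (presumably this wiki's escape for CamelCase auto-linking) only does its job if it immediately precedes `PreferredAuthentications` on the same line; worth confirming the stored text is `values for !PreferredAuthentications, the client will try to`.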
@@ -191,9 +191,9 @@
A single tilde character can be sent as ~~ or by following
the tilde by a character other than those described below.
The escape character must always follow a newline to be
interpreted as special. The escape character can be changed
-in configuration files using the EscapeChar configuration
+in configuration files using the !
EscapeChar configuration
directive or on the command line by the -e
option.
@@ -248,9 +248,9 @@
ssh warns about this and disables password authentication to
prevent a trojan horse from getting the user's password.
Another pur- pose of this mechanism is to prevent
man-in-the-middle attacks which could otherwise be used to
-circumvent the encryption. The StrictHostKeyChecking option
+circumvent the encryption. The !
StrictHostKeyChecking option
(see below) can be used to prevent logins to machines whose
host key is not known or has changed.
@@ -378,9 +378,9 @@
-P
Use a non-privileged port for outgoing connections. This can
be used if a firewall does not permit con- nections from
privileged ports. Note that this option turns off
-RhostsAuthentication and RhostsRSAAuthentication for older
+!
RhostsAuthentication and RhostsRSAAuthentication for older
servers.
-q
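Review bot: `RhostsRSAAuthentication` on the same line as the newly escaped `RhostsAuthentication` is left without the `!` prefix; if the wiki also renders it as a link it needs the same treatment, i.e. `!RhostsAuthentication and !RhostsRSAAuthentication for older`.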
@@ -430,9 +430,9 @@
Requests compression of all data (including stdin, stdout,
stderr, and data for forwarded X11 and TCP/IP connections).
The compression algorithm is the same used by
gzip(1), and the ``level'' can be controlled by the
-CompressionLevel option (see below). Compres- sion is
+!
CompressionLevel option (see below). Compres- sion is
desirable on modem lines and other slow con- nections, but
will only slow down things on fast net- works. The default
value can be set on a host-by-host basis in the
configuration files; see the Compression option
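Review bot: the context lines still carry hyphenation remnants from the man page conversion (`Compres- sion`, `con- nections`, `net- works`); since this paragraph is being edited anyway, rejoining them to `Compression`, `connections` and `networks` would be a cheap readability fix.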
@@ -546,9 +546,9 @@
case-sensitive):
Host Restricts the following declarations (up to the nextHost keyword) to be only for those hosts that matchone of the patterns given after the keyword. and ?can be used as wildcards in the patterns. A singleas a pattern can be used to provide global defaultsfor all hosts. The host is the hostname argumentgiven on the command line (i.e., the name is not con-verted to a canonicalized host name before matching).
-AFSTokenPassingSpecifies whether to pass AFS tokens to remote host.The argument to this keyword must be ``yes'' or``no''. This option applies to protocol version 1only.BatchModeIf set to ``yes'', passphrase/password querying willbe disabled. In addition, the ProtocolKeepAlives andSetupTimeOut options will both be set to 300 secondsby default. This option is useful in scripts andother batch jobs where no user is present to supplythe password, and where it is desirable to detect abroken network swiftly. The argument must be ``yes''or ``no''. The default is ``no''.BindAddressSpecify the interface to transmit from on machineswith multiple interfaces or aliased addresses. Notethat this option does not work if UsePrivilegedPortis set to ``yes''.CheckHostIPIf this flag is set to ``yes'', ssh will additionallycheck the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to ``no'', the check will not be executed. The default is ``yes''.
+AFSTokenPassingSpecifies whether to pass AFS tokens to remote host.The argument to this keyword must be ``yes'' or``no''. This option applies to protocol version 1only.!
BatchModeIf set to ``yes'', passphrase/password querying willbe disabled. In addition, the !
ProtocolKeepAlives andSetupTimeOut options will both be set to 300 secondsby default. This option is useful in scripts andother batch jobs where no user is present to supplythe password, and where it is desirable to detect abroken network swiftly. The argument must be ``yes''or ``no''. The default is ``no''.!
BindAddressSpecify the interface to transmit from on machineswith multiple interfaces or aliased addresses. Notethat this option does not work if !
UsePrivilegedPortis set to ``yes''.CheckHostIPIf this flag is set to ``yes'', ssh will additionallycheck the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to ``no'', the check will not be executed. The default is ``yes''.
Cipher
Specifies the cipher to use for encrypting the ses- sion in
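Review bot: `CheckHostIP` (in the line beginning `UsePrivilegedPortis set to ``yes''.CheckHostIPIf this flag`) is the one keyword in this hunk left without the `!` escape that `BatchMode`, `ProtocolKeepAlives` and `UsePrivilegedPort` receive. Separately, the whole block is run together without the line breaks the other hunks have, so keywords are fused with their descriptions (`AFSTokenPassingSpecifies`, `BatchModeIf`, `willbe`, `nextHost`); splitting each keyword onto its own line as the `Cipher` entry below does would fix both problems at once.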
@@ -567,9 +567,9 @@
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc''
-ClearAllForwardings
+!
ClearAllForwardings
Specifies that all local, remote and dynamic port
forwardings specified in the configuration files or on the
@@ -584,25 +584,25 @@
Compression
Specifies whether to use compression. The argument must be ``yes'' or ``no''. The default is ``no''.
-CompressionLevel
+!
CompressionLevel
Specifies the compression level to use if compression is
enabled. The argument must be an integer from 1 (fast) to 9
(slow, best). The default level is 6, which is good for most
applications. The meaning of the values is the same as in
gzip(1). Note that this option applies to protocol
version 1 only.
-ConnectionAttempts
+!
ConnectionAttempts
Specifies the number of tries (one per second) to make
before falling back to rsh or exiting. The argument must be
an integer. This may be useful in scripts if the connection
sometimes fails. The default is 1.
-DynamicForward
+!
DynamicForward
Specifies that a TCP/IP port on the local machine be
forwarded over the secure channel, and the applica- tion
protocol is then used to determine where to con- nect to
from the remote machine. The argument must be a port number.
@@ -612,27 +612,27 @@
Only the superuser can forward privileged
ports.
-EscapeChar
+!
EscapeChar
Sets the escape character (default: ~). The escape
character can also be set on the command line. The argument
should be a single character, ^ followed by a
letter, or ``none'' to disable the escape character entirely
(making the connection transparent for binary
data).
-FallBackToRsh
+!
FallBackToRsh
Specifies that if connecting via ssh fails due to a
connection refused error (there is no sshd(8)
listen- ing on the remote host), rsh(1) should
automatically be used instead (after a suitable warning
about the session being unencrypted). The argument must be
``yes'' or ``no''. The default is ``no''.
-ForwardAgent
+!
ForwardAgent
Specifies whether the connection to the authentica- tion
agent (if any) will be forwarded to the remote machine. The
argument must be ``yes'' or ``no''. The default is
``no''.
@@ -644,56 +644,56 @@
The argument must be ``yes'' or ``no''. The default is
``no''.
-GatewayPorts
+!
GatewayPorts
Specifies whether remote hosts are allowed to connect to
local forwarded ports. By default, ssh binds local port
forwardings to the loopback addresss. This prevents other
remote hosts from connecting to forwarded ports.
-GatewayPorts can be used to specify that ssh should bind
+!
GatewayPorts can be used to specify that ssh should bind
local port forwardings to the wildcard address, thus
allowing remote hosts to con- nect to forwarded ports. The
argument must be ``yes'' or ``no''. The default is
``no''.
-GlobalKnownHostsFile
+!
GlobalKnownHostsFile
Specifies a file to use for the global host key database
instead of /etc/ssh/ssh_known_hosts.
-HostbasedAuthentication
+!
HostbasedAuthentication
Specifies whether to try rhosts based authentication with
public key authentication. The argument must be ``yes'' or
``no''. The default is ``no''. This option applies to
protocol version 2 only and is sim- ilar to
RhostsRSAAuthentication.
-HostKeyAlgorithms
+!
HostKeyAlgorithms
Specifies the protocol version 2 host key algorithms that
the client wants to use in order of preference. The default
for this option is: ``ssh-rsa,ssh-dss''
-HostKeyAlias
+!
HostKeyAlias
Specifies an alias that should be used instead of the real
host name when looking up or saving the host key in the host
key database files. This option is use- ful for tunneling
ssh connections or for multiple servers running on a single
host.
-HostName
+!
HostName
Specifies the real host name to log into. This can be used
to specify nicknames or abbreviations for hosts. Default is
the name given on the command line. Numeric IP addresses are
-also permitted (both on the command line and in HostName
+also permitted (both on the command line and in !
HostName
specifications).
-IdentityFile
+!
IdentityFile
Specifies the file from which the user's RSA or DSA
authentication identity is read (default
$HOME/.ssh/identity in the user's home directory).
Additionally, any identities represented by the
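Review bot: `addresss` in `forwardings to the loopback addresss` is a typo for `address`; the `GatewayPorts` escape touches the lines on either side of it, so it could be corrected in the same edit.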
@@ -703,16 +703,16 @@
specified in configuration files; all these identities will
be tried in sequence.
-KeepAlive
+!
KeepAlive
Specifies whether the system should send keepalive messages
to the other side. If they are sent, death of the connection
or crash of one of the machines will be properly noticed.
This option only uses TCP keepalives (as opposed to using
ssh level keepalives), so takes a long time to notice when
the connection dies. As such, you probably want the
-ProtocolKeepAlives option as well. However, this means that
+!
ProtocolKeepAlives option as well. However, this means that
connections will die if the route is down temporarily, and
some people find it annoying.
@@ -726,22 +726,22 @@
both the server and the client configura- tion
files.
-KerberosAuthentication
+!
KerberosAuthentication
Specifies whether Kerberos authentication will be used. The
argument to this keyword must be ``yes'' or
``no''.
-KerberosTgtPassing
+!
KerberosTgtPassing
Specifies whether a Kerberos TGT will be forwarded to the
server. This will only work if the Kerberos server is
actually an AFS kaserver. The argument to this keyword must
be ``yes'' or ``no''.
-LocalForward
+!
LocalForward
Specifies that a TCP/IP port on the local machine be
forwarded over the secure channel to the specified host and
port from the remote machine. The first argument must be a
port number, and the second must be host:port. IPv6
@@ -751,9 +751,9 @@
Only the superuser can forward privileged
ports.
-LogLevel
+!
LogLevel
Gives the verbosity level that is used when logging messages
from ssh. The possible values are: QUIET, FATAL, ERROR,
INFO, VERBOSE and DEBUG. The default is INFO.
@@ -765,9 +765,9 @@
algorithms must be comma-separated. The default is
``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96''.
-NoHostAuthenticationForLocalhost
+!
NoHostAuthenticationForLocalhost
This option can be used if the home directory is shared
across machines. In this case localhost will refer to a
different machine on each of the machines and the user will
get many warnings about changed host keys. However, this
@@ -775,15 +775,15 @@
argument to this keyword must be ``yes'' or ``no''. The
default is to check the host key for localhost.
-NumberOfPasswordPrompts
+!
NumberOfPasswordPrompts
Specifies the number of password prompts before giv- ing up.
The argument to this keyword must be an integer. Default is
3.
-PasswordAuthentication
+!
PasswordAuthentication
Specifies whether to use password authentication. The
argument to this keyword must be ``yes'' or ``no''. The
default is ``yes''.
@@ -792,9 +792,9 @@
Specifies the port number to connect on the remote host.
Default is 22.
-PreferredAuthentications
+!
PreferredAuthentications
Specifies the order in which the client should try protocol
2 authentication methods. This allows a client to prefer one
method (e.g. keyboard-interactive) over another method (e.g.
password) The default for this option is:
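Review bot: `password) The default for this option is:` is missing the full stop after the closing parenthesis.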
@@ -808,17 +808,17 @@
``2,1''. This means that ssh tries version 2 and falls back
to version 1 if ver- sion 2 is not available.
-ProtocolKeepAlives
+!
ProtocolKeepAlives
Specifies the interval at which IGNORE packets will be sent
to the server during dile periods. Use this option in
scripts to detect when the network fails. The argument must
be an integer. The default is 0 (disabled), or 300 if the
-BatchMode option is set.
+!
BatchMode option is set.
-ProxyCommand
+!
ProxyCommand
Specifies the command to use to connect to the server. The
command string extends to the end of the line, and is
executed with /bin/sh. In the command string,
%h will be substituted by the host name to connect
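Review bot: `dile periods` in the `ProtocolKeepAlives` description should read `idle periods`; the escape edit is on the line just above it, so this is a convenient place to fix the typo.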
@@ -826,21 +826,21 @@
anything, and should read from its standard input and write
to its standard output. It should eventually connect an
sshd(8) server running on some machine, or execute
sshd -i somewhere. Host key man- agement will be done using
-the HostName of the host being connected (defaulting to the
+the !
HostName of the host being connected (defaulting to the
name typed by the user). Note that CheckHostIP is not
available for connects with a proxy command.
-PubkeyAuthentication
+!
PubkeyAuthentication
Specifies whether to try public key authentication. The
argument to this keyword must be ``yes'' or ``no''. The
default is ``yes''. This option applies to protocol version
2 only.
-RemoteForward
+!
RemoteForward
Specifies that a TCP/IP port on the remote machine be
forwarded over the secure channel to the specified host and
port from the local machine. The first argument must be a
port number, and the second must be host:port. IPv6
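Review bot: `CheckHostIP` in `Note that CheckHostIP is not available for connects with a proxy command` is left unescaped while `HostName` two lines earlier gets the `!`; for consistency (and to avoid a stray wiki link in the `ProxyCommand` entry) give it the same prefix.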
@@ -850,9 +850,9 @@
Only the superuser can forward privileged
ports.
-RhostsAuthentication
+!
RhostsAuthentication
Specifies whether to try rhosts based authentication. Note
that this declaration only affects the client side and has
no effect whatsoever on security. Dis- abling rhosts
authentication may reduce authentica- tion time on slow
@@ -879,34 +879,34 @@
Note that this option applies to protocol version 1
only.
-ChallengeResponseAuthentication
+!
ChallengeResponseAuthentication
Specifies whether to use challenge response authenti-
cation. The argument to this keyword must be ``yes'' or
``no''. The default is ``yes''.
-SetupTimeOut
+!
SetupTimeOut
Normally, ssh blocks indefinitly whilst waiting to receive
the ssh banner and other setup protocol from the server,
during the session setup. This can cause ssh to hang under
certain circumstances. If this option is set, ssh will give
up if no data from the server is received for the specified
number of sec- onds. The argument must be an integer. The
-default is 0 (disabled), or 300 if BatchMode is
+default is 0 (disabled), or 300 if !
BatchMode is
set.
-SmartcardDevice
+!
SmartcardDevice
Specifies which smartcard device to use. The argument to
this keyword is the device ssh should use to com- municate
with a smartcard used for storing the user's private RSA
key. By default, no device is specified and smartcard
support is not activated.
-StrictHostKeyChecking
+!
StrictHostKeyChecking
If this flag is set to ``yes'', ssh will never auto-
matically add host keys to the
$HOME/.ssh/known_hosts file, and refuses to connect
to hosts whose host key has changed. This provides maximum
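Review bot: `indefinitly` in the `SetupTimeOut` description should be `indefinitely`, and `sec- onds` is a hyphenation remnant; both sit in context lines next to the escaped `BatchMode` and could be fixed in the same pass.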
@@ -924,13 +924,13 @@
all cases. The argument must be ``yes'', ``no'' or ``ask''.
The default is ``ask''.
-UsePrivilegedPort
+!
UsePrivilegedPort
Specifies whether to use a privileged port for outgo- ing
connections. The argument must be ``yes'' or ``no''. The
default is ``no''. Note that this option must be set to
-``yes'' if RhostsAuthentication and RhostsRSAAuthentication
+``yes'' if !
RhostsAuthentication and RhostsRSAAuthentication
authentications are needed with older servers.
User
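Review bot: the changed line escapes `RhostsAuthentication` but leaves `RhostsRSAAuthentication` immediately after it unescaped; if the wiki renders that one as a link too, both need the `!`, i.e. ```yes'' if !RhostsAuthentication and !RhostsRSAAuthentication`.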
@@ -939,18 +939,18 @@
saves the trouble of having to remem- ber to give the user
name on the command line.
-UserKnownHostsFile
+!
UserKnownHostsFile
Specifies a file to use for the user host key database
instead of $HOME/.ssh/known_hosts.
-UseRsh
+!
UseRsh
Specifies that rlogin/rsh should be used for this host. It
is possible that the host does not at all support the ssh
protocol. This causes ssh to immedi- ately execute
-rsh(1). All other options (except HostName) are
+rsh(1). All other options (except !
HostName) are
ignored if this has been specified. The argument must be
``yes'' or ``no''.
@@ -1137,9 +1137,9 @@
/etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key,
/etc/ssh/ssh_host_rsa_key
These three files contain the private parts of the host keys
and are used for RhostsRSAAuthentication and
-HostbasedAuthentication. Since they are readable only by
+!
HostbasedAuthentication. Since they are readable only by
root ssh must be setuid root if these authen- tication
methods are desired.